projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
use a puppet builtin for this
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
manifests
/
per-host.pp
diff --git
a/modules/ferm/manifests/per-host.pp
b/modules/ferm/manifests/per-host.pp
index
2401338
..
818c2aa
100644
(file)
--- a/
modules/ferm/manifests/per-host.pp
+++ b/
modules/ferm/manifests/per-host.pp
@@
-74,11
+74,6
@@
class ferm::per-host {
}
}
draghi: {
}
}
draghi: {
- #@ferm::rule { 'dsa-bind':
- # domain => '(ip ip6)',
- # description => 'Allow nameserver access',
- # rule => '&TCP_UDP_SERVICE(53)'
- #}
@ferm::rule { 'dsa-finger':
domain => '(ip ip6)',
description => 'Allow finger access',
@ferm::rule { 'dsa-finger':
domain => '(ip ip6)',
description => 'Allow finger access',
@@
-204,6
+199,16
@@
class ferm::per-host {
default: {}
}
default: {}
}
+ # solr stuff
+ case $::hostname {
+ stockhausen: {
+ @ferm::rule { 'dsa-solr-jetty':
+ description => 'Allow jetty access',
+ rule => '&SERVICE_RANGE(tcp, 8080, ( 82.195.75.100/32 ))'
+ }
+ }
+ }
+
# postgres stuff
case $::hostname {
ullmann: {
# postgres stuff
case $::hostname {
ullmann: {
@@
-243,12
+248,12
@@
class ferm::per-host {
bmdb1: {
@ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access',
bmdb1: {
@ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32
5.153.231.25/32 206.12.19.141/32
))'
}
@ferm::rule { 'dsa-postgres-main6':
domain => 'ip6',
description => 'Allow postgress access',
}
@ferm::rule { 'dsa-postgres-main6':
domain => 'ip6',
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128
2001:41c8:1000:21::21:25/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128
))'
}
@ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access',
}
@ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access',